SB2021051103 - Multiple vulnerabilities in Liferay Portal
Published: May 11, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Protection Mechanism Failure (CVE-ID: CVE-2021-29047)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrect SimpleCaptcha implementation, which does not invalidate CAPTCHA answers after they were used. A remote attacker can reuse the same CAPTCHA answers, bypass SimpleCaptcha protection and repeatedly perform actions with the web application.
2) Stored cross-site scripting (CVE-ID: CVE-2021-29048)
The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Layout module's administration page, when processing data passed via the "_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_name" parameter (Site page name). A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
3) Stored cross-site scripting (CVE-ID: CVE-2021-29046)
The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data the Asset module's category selector input field ("_com_liferay_asset_categories_admin_web_portlet_AssetCategoriesAdminPortlet_title" parameter). A remote user can inject a malicious script into the category name and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Remediation
Install update from vendor's website.
References
- https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743467
- https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743601
- https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743501